Wednesday, January 13, 2010


Credit card fraud

On the last day of 2009, I picked up something in a store, proffering my credit card for payment. After a moment with the machine, the cashier said, “It’s declined.”

Huh? I’d used it the day before, and there’s no reason anything should have happened since then. She tried again, with the same result.

When I got home, I logged into the account online, and there was a message for me to call the fraud department, which I did. The very pleasant and personable service representative checked for me and saw the transaction I’d just attempted. “It was also declined yesterday,” he said, “when you tried to buy gas in Freeport. But it worked when you used it at WalMart.” Ah.

No, I told him, I hadn’t been to Freeport (maybe an hour and a half from here, on Long Island), yesterday nor any other day. And I hadn’t been to WalMart recently, either.

He closed my account and opened a new one, and said that, unfortunately, it would be longer than usual before I got a replacement card, because of the new year holiday. It was Thursday, but the new card wouldn’t be mailed until Monday.

When I checked the account online again on Tuesday, I found six charges — including the one at WalMart — that were fraudulent, all at stores in Massapequa, near Freeport. The charges had been made with a card (the service rep had surmised that “they” had made a bogus card with my account number on it), and were all between $100 and $200, presumably large enough to be worthwhile, but small enough not to immediately arouse suspicion. I have no idea how the bank caught it between those six purchases and the gas station, but they did.

The new card would, I was told, come with an affidavit sheet, on which I could list any fraudulent transactions that appear on my account, and the bank would take care of it. And, indeed, this won’t cost me anything except the inconvenience of chancing my account number (making sure that automatic purchases are changed over, and so on), and the bank will just write off the $1000 loss as a cost of doing business. It’s small change, compared with what some crooks get away with.

And, yet, it leaves me angry. The people who did it will never be caught, and they’ve just gotten away with stealing almost $1000 worth of goods. The fact that they used my account number to do that makes it sit very close to home. There wasn’t any way I could have prevented it — the account number could have been recorded a couple of days earlier, or perhaps it was months ago, and was only now being used.

There’s huge money in stolen credit-card account numbers. Most are collected and used electronically, worldwide. This is a smaller-scale operation, done locally and using real, physical cards.

It’s just irritating to be reminded how many people are out there who are prepared to steal whatever they can get their hands on.


Nathaniel Borenstein said...

Of course they'll never be caught. The credit card companies have no incentive to catch them (though plenty of incentive to make you think they're trying). They're going to pass on the costs to all of us in the form of increased merchant fees, which translate into higher prices. This is their business model. They killed First Virtual and other Internet payment companies by assuming all liability to consumers for fraudulent transactions, thus ensuring that they couldn't be displaced by payment systems that weren't as radically insecure as they are. Their size lets them do that sort of thing, absorbing and passing on all the costs of steadily rising fraud that have come with the Internet age.

The only solution I can think of is strong antitrust action against Visa and MasterCard. If you broke up this near-monopoly, you might see some actual innovation in payment systems, including payment security. But the credit card companies have always viewed security as an afterthought that they indulge in primarily to protect their public image. I could point you at some amazing information about them...

Bottom line: Visa may be second only to the Federal Reserve in the economic power it wields in the US.

Call me Paul said...

Here in Canada, most banks are going to new smart card/chip card technologies to help prevent fraud. Apparently there is a lot of resistance in the US to this technology.

Barry Leiba said...

Paul: Yes, and there are countries where most U.S. cards aren't accepted, because we don't have the chips.

Nathaniel: I agree with all that. How do we change it? How do we get antitrust action going, when the regulators are already so tight with the banks?

It's not just Visa, though: they're the broker. The banks, which actually manage the cards and the money, giving a cut to Visa, are the ones that are really eating the costs of fraud. And we de-regulated banks long ago....

Sue VanHattum said...

This has happened to me multiple times. This last time, the affadavit I signed had to be notarized, and being way too busy last year (single mom, two jobs) I took way too long to get that done.

My credit union has said they'll resolve it, but have now taken over half a year. I'm moving all charges to my newer credit card (also with a credit union), so I can tell the old one that they must clean this up. It's a drag.

I feel like we're caught up in so many absurd cycles, dealing with our tech tools/toys, dealing with our financial stuff, dealing with things that break...

Nathaniel Borenstein said...

1. Smart card technology helps a bit, but it doesn't help with Internet transactions unless people get card readers attached to their pc's, which doesn't seem imminent.

2. Barry -- I don't expect to live long enough to see this fixed. Step one is fixing the way money corrupts our politics, though.

3. Certainly it's not just Visa, but they're the clear leaders. They do stuff -- after getting the tacit approval of their stakeholders -- and then MasterCard (and, where relevant, JCB, Amex, and Discover) folow suit. They don't collude in advance, so they can claim they aren't violating antitrust laws, but they nearly always all just follow Visa's lead.

The Ridger, FCD said...

On vacation this past summer I tried to use my debit card to pay for the motel in Depoe Bay. It was declined. I gave them another card (whew) and called my bank. They had called my work number (I made sure they had my cell now!) over an attempt to get money out of an ATM in Susanville, CA, which involved the wrong PIN.

That was me, actually, I said. I hit the wrong key without noticing it. They read off a number of other purchases (Susanville was Friday, this was Tuesday - I hadn't tried to use the card Monday, which was when they froze it). All the purchases were me. Fortunately, that was enough and they unlocked the card... I guess being in California instead of Maryland was what triggered the one-mistyped-PIN alert.

Barry Leiba said...

Oh, yes, I've had many times (here's one) when they've contacted me to question some of my own purchases, including times when I was out of the country and it might have been expensive to call them back (Skype is my friend). This is their way of controlling their fraud losses by not being too worried about false positives.

This is the first time that there actually was fraud involved, after, I don't know, maybe 20 or more false positives over the past few years.